MAC address 00:ab:00:00:00:00?

  • I noticed something screwy happening with my pfSense late at night and after some mucking around I found this in my DHCP leases:

    IP address      MAC address            Hostname    Start                              End                              Online    Lease Type    00🆎00:00:00:00                          2012/04/03 03:07:33    1969/12/31 17:00:00    offline    active

    I tried looking this up in System Logs but the GUI only lets me see maximum 2000 entries, and it seems that the DHCP portion was wiped after I rebooted the system.  I have accounted for all the DHCP leases, except for this one, and as you can see it is quite unusual.

    Can this mean that someone cracked my WPA2 encryption and is using my WIFI with this spoofed MAC address?

  • It could mean anything, no telling based on that description. Definitely a screwy MAC address but there are numerous possible reasons for that. Unlikely anyone cracked your WPA2 unless you're using a key like "password". That host show up in your ARP table?

  • i noticed it too

    IP address         MAC address   Hostname Start                         End                         Online Lease Type 00🆎00:00:00:00         2012/04/24 16:27:13 1970/01/01 08:00:00 offline active

  • Rebel Alliance Developer Netgate

    Might be interesting to see the contents of /var/dhcpd/var/db/dhcpd.leases and, if you can catch it, the DHCP logs from that request.

  • I have the same problem here. Status -DHCP lease 00🆎00:00:00:00 2012/07/27 09:28:26 1970/01/01 06:30:00

    It seems like never expired dhcp lease.

  • I set this MAC to static IP and block this IP from accessing anything at Firewall Rules.
    I can't even manually delete this DHCP lease. What a strange?  :o